IoT systems are increasingly composed out of flexible, programmable, virtualised, and arbitrarily chained IoT elements and services using portable code. Moreover, they might be sliced, i.e. allowing multiple logical IoT systems (network + application) to run on top of a shared physical network and compute infrastructure. However, implementing and designing particularly security mechanisms for such IoT systems is challenging since a) promising technologies are still maturing, and b) the relationships among the many requirements, technologies and components are difficult to model a-priori.

The aim of the paper is to define design cues for the security architecture and mechanisms of future, virtualised, arbitrarily chained, and eventually sliced IoT systems. Hereby, our focus is laid on the authorisation and authentication of user and host, as well as on code integrity in these virtualised systems. The design cues are derived from the design and implementation of a secure virtual environment for distributed and collaborative AI system engineering using so called AI pipelines. The pipelines apply chained virtual elements and services and facilitate the slicing of the system. The virtual environment is denoted for short as the virtual premise (VP). The use-case of the VP for AI design provides insight into the complex interactions in the architecture, leading us to believe that the VP concept can be generalised to the IoT systems mentioned above. In addition, the use-case permits to derive, implement, and test solutions. This paper describes the flexible architecture of the VP and the design and implementation of access and execution control in virtual and containerised environments.

View More Papers

Privacy preserving learning in IoT systems

Farinaz Koushanfar (Professor and Henry Booker Faculty Scholar, Co-Founder and Co-Director, Center for Machine-Integrated Computing and Security, Jacobs School of...

Read More

Tattle Tale Security: An Intrusion Detection System for Medical...

Lanier Watkins, Shreya Aggarwal, Omotola Akeredolu, William H. Robinson and Aviel Rubin

Read More

IoT Security Solution Distribution via DLT

Le Su (Nanyang Technological University, Singapore); Dinil Mon Divakaran (Trustwave, Singapore); Sze Ling Yeo (Institute for Infocomm Research, Singapore); Jiqiang...

Read More

Mining Threat Intelligence from Billion-scale SSH Brute-Force Attacks

Yuming Wu, Phuong Cao (University of Illinois at Urbana Champaign, USA); Alexander Withers (National Center for Supercomputing Application, USA); Zbigniew...

Read More